General
- Target: df6295dd1ead4d68fbd94b9bfb3818511def8111208b5aa3e4df8687a9fad51e
- Size: 272KB
- Sample: 231209-chm78affe4
- MD5: 05604b7d20a7d61c044d23bf9ee29acd
- SHA1: ed4bc7b907ec9645d5dee53c527cccb2d38a5448
- SHA256: df6295dd1ead4d68fbd94b9bfb3818511def8111208b5aa3e4df8687a9fad51e
- SHA512: 03fe4f53d017b6eaa0dcf5225598f220669c9b4f47d9f57b97f8845212e256419388249922cc364f532d945476869d789ab6a98e486365b96c265d16ca334601
- SSDEEP: 6144:q48F7QsyKtpw9hAcGTJscDoAb0XWRnTqAJ:KF7pye4hAc8oi0Xkz
Static task
- static1
Behavioral task
- behavioral1
  - Sample: df6295dd1ead4d68fbd94b9bfb3818511def8111208b5aa3e4df8687a9fad51e.exe
  - Resource: win7-20231201-en
Behavioral task
- behavioral2
  - Sample: df6295dd1ead4d68fbd94b9bfb3818511def8111208b5aa3e4df8687a9fad51e.exe
  - Resource: win10v2004-20231127-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.etasimali.com
- Port: 587
- Username: [email protected]
- Password: RECRUTEMENT@2023
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.etasimali.com
- Port: 587
- Username: [email protected]
- Password: RECRUTEMENT@2023
- Email To: [email protected]
Targets
- Target: df6295dd1ead4d68fbd94b9bfb3818511def8111208b5aa3e4df8687a9fad51e
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext